* QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml * Please include the following list of files in your report: * TEXTREL lib/security/pam_filter/upperLOWER * TEXTREL sbin/unix_update * TEXTREL sbin/pam_timestamp_check * TEXTREL sbin/unix_chkpwd * QA Notice: Package triggers severe warnings which indicate that it * may exhibit random runtime failures. * misc_conv.c:213:13: warning: the address of 'line' will always evaluate as 'true' [-Waddress] * misc_conv.c:325:6: warning: the address of 'binary_prompt' will always evaluate as 'true' [-Waddress] * Please do not file a Gentoo bug and instead report the above QA * issues directly to the upstream developers of this software. * Homepage: https://fedorahosted.org/linux-pam/ Portage 2.1.11.50 (default/linux/sh/13.0, gcc-4.6.3, glibc-2.11.3, 2.6.30.9 sh4) ================================================================= System uname: Linux-2.6.30.9-sh4-SH7751R-with-gentoo-2.1 KiB Mem: 60920 total, 9468 free KiB Swap: 999928 total, 989920 free Timestamp of tree: Sat, 23 Feb 2013 09:00:01 +0000 ld GNU ld (GNU Binutils) 2.22 ccache version 3.1.9 [disabled] app-shells/bash: 4.2_p37 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.9 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.5.3-r1, 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.11.3 Repositories: gentoo ACCEPT_KEYWORDS="sh" ACCEPT_LICENSE="*" CBUILD="sh4-unknown-linux-gnu" CFLAGS="-O2 -m4 -pipe" CHOST="sh4-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -m4 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y --keep-going y -1 --quiet-fail y" FCFLAGS="-O2" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl berkdb bzip2 cli cracklib crypt cxx fortran gdbm gpm iconv ipv6 modules mudflap ncurses nls nossp nptl openmp pam pcre readline session sh ssl tcpd unicode zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3 php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="dummy fbdev v4l" USE_PYTHON="2.7 3.2"
Created attachment 340566 [details] build log
Mike does SH support PIE? HPPA seems like they don't and we disable it as is ...
Otherwise I guess I could just disable pie support from PAM and just leave it to Hardened..
(In reply to comment #2) SuperH somewhat supports PIE. its apps will run link/load/run fine, but there are textrels in the init code -- see bug 336641 imo, if the program isn't set*id, there's no reason to force PIE for non-hardened system. i can't see any of these pam utils falling into that category.
should be all set now in the tree; thanks for the report! Commit message: Respect USE=pie http://sources.gentoo.org/sys-libs/pam/pam-1.1.8-r3.ebuild?rev=1.1